DEVELOPMENT AND VALIDATION OF A QUALITATIVE DATA PRIVACY IMPACT ASSESSMENT SCORECARD FOR SELF-ASSESSMENT IN COOPERATIVE BANKS OF MAHARASHTRA
DOI:
https://doi.org/10.70917/ijcisim-2026-2532Keywords:
Data privacy, DPIA, scorecard, self-assessment, cooperative banks, Maharashtra, privacy governance, ISO 27701, GDPR, risk management, Digital Personal Data Protection ActAbstract
The rapid digitization of cooperative banking in Maharashtra has expanded the volume of personal data collected, processed, and shared by institutions that typically lack dedicated data protection officers, formal DPIA expertise, or the budgets required to engage external privacy consultants. In parallel, India's evolving digital privacy framework — anchored in the Digital Personal Data Protection Act — and the prevalence of internationally accepted instruments such as ISO 27701, the NIST Privacy Framework, and the GDPR DPIA have raised the regulatory expectations placed on these small financial institutions. The present study develops and validates a qualitative Data Privacy Impact Assessment (DPIA) scorecard designed specifically for self-administration by cooperative bank staff. The scorecard consolidates privacy dimensions relevant to cooperative banking data collection, consent, data subject rights, access control, third-party sharing, and retention into maturity-level rating scales that can be completed by non-specialist personnel. A structured questionnaire was administered to 213 cooperative banking professionals across Maharashtra, yielding responses that were analysed using Pearson correlation and one-sample t-tests. The study tested two hypotheses: first, that perceived complexity of existing privacy frameworks is positively correlated with the operational vulnerability of cooperative banks; and second, that the mean perception of the developed scorecard's usability is significantly greater than the neutral midpoint of the five-point Likert scale. Both null hypotheses were decisively rejected. The Pearson correlation between framework complexity and operational vulnerability reached r = 0.683 (p < 0.001), confirming that complexity is a meaningful antecedent of vulnerability in this institutional context. The aggregate one-sample t-statistic for usability was t = 18.836 (p < 0.001) against the neutral value of 3.0, validating the scorecard as perceived-usable by the very personnel expected to deploy it. The study contributes a fit-for-purpose self-assessment instrument, an empirically grounded argument for tool simplification in cooperative banking, and a methodological template for similar validation exercises in other small financial institutions.